Department of Justice Online Investigative Principles for Federal Law Enforcement Agents

The following guide to principles used in online investigations conducted by federal law enforcement agents was authored by a special working group convened by the Department of Justice in 1999.  The working group included members of the FBI, Treasury, Secret Service, IRS, ATF, Air Force and even NASA who worked to create a standard guide for federal agents engaged in online criminal investigations.  For more information on the document and its significance, please see our accompanying article on the subject.

ONLINE INVESTIGATIVE PRINCIPLES FOR FEDERAL LAW ENFORCEMENT AGENTS

  • 93 pages
  • Contains Sensitive Law Enforcement Information
  • Distribution Limited to Law Enforcement Personnel
  • November 1999

Download

PRINCIPLE 1
OBTAINING INFORMATION FROM UNRESTRICTED SOURCES

Law enforcement agents may obtain information from publicly accessible online sources and facilities under the same conditions as they may obtain information from other sources generally open to the public. This Principle applies to publicly accessible sources located in foreign jurisdictions as well as those in the United States.

PRINCIPLE 2
OBTAINING IDENTIFYING INFORMATION ABOUT USERS OR NETWORKS

There are widely available software tools for obtaining publicly available identifying information about a user or a host computer on a network. Agents may use such tools in their intended lawful manner under the same circumstances in which agency rules permit them to look up similar identifying information (e.g., a telephone number) through non-electronic means. However, agents may not use software tools _ even those generally available as standard operating system software _ to circumvent restrictions placed on system users.

PRINCIPLE 3
REAL-TIME COMMUNICATIONS

An agent may passively observe and log real-time electronic communications open to the public under the same circumstances in which the agent could attend a public meeting.

PRINCIPLE 4
ACCESSING RESTRICTED SOURCES

Law enforcement agents may not access restricted online sources or facilities absent legal authority permitting entry into private space.

PRINCIPLE 5
ONLINE COMMUNICATIONS GENERALLY

Law enforcement agents may use online services to communicate as they may use other types of communication tools, such as the telephone and the mail. Law enforcement agents should retain the contents of a stored electronic message, such as an e-mail, if they would have retained that message had it been written on paper. The contents should be preserved in a manner authorized by agency procedures governing the preservation of electronic communications.

PRINCIPLE 6
UNDERCOVER COMMUNICATIONS

Agents communicating online with witnesses, subjects, or victims must disclose their affiliation with law enforcement when agency guidelines would require such disclosure if the communication were taking place in person or over the telephone. Agents may communicate online under a non-identifying name or fictitious identity if agency guidelines and procedures would authorize such communications in the physical world. For purposes of agency undercover guidelines, each discrete online conversation constitutes a separate undercover activity or contact, but such a conversation may comprise more than one online transmission between the agent and another person.

PRINCIPLE 7
ONLINE UNDERCOVER FACILITIES

Just as law enforcement agencies may establish physical-world undercover entities, they also may establish online undercover facilities, such as bulletin board systems, Internet service providers, and World Wide Web sites, which covertly offer information or services to the public. Online undercover facilities, however, can raise novel and complex legal issues, especially if law enforcement agents seek to use the system administrator’s powers for criminal investigative purposes. Further, these facilities may raise unique and sensitive policy issues involving privacy, international sovereignty, and unintended
harm to unknown third parties.

Because of these concerns, a proposed online undercover facility, like any undercover entity, may be established only if the operation is authorized pursuant to the agency’s guidelines and procedures for evaluating undercover operations. In addition, unless the proposed online undercover facility would merely provide information to members of the public or accounts to law enforcement agents, the agency or federal prosecutor involved in the investigation must consult in advance with the “Computer and Telecommunications Coordinator” (CTC) in the United States Attorney’s office in the district in which the operation will be based or with the Computer Crime and Intellectual Property Section (CCIPS) of the Justice Department’s Criminal Division. An attorney from the Section can be reached at (202) 514-1026 or through the Justice Command Center at (202) 514-5000.

Agencies that already consult with the Justice Department as part of their internal review process for undercover operations may comply with this requirement by providing an extra copy of the undercover proposal to the CTC or to CCIPS, as appropriate.

PRINCIPLE 8
COMMUNICATING THROUGH THE ONLINE
IDENTITY OF A COOPERATING WITNESS, WITH CONSENT

Law enforcement agents may ask a cooperating witness to communicate online with other persons in order to further a criminal investigation if agency guidelines and procedures authorize such a consensual communication over the telephone. Law enforcement agents may communicate using the online identity of another person if that person consents, if the communications are within the scope of the consent, and if such activity is authorized by agency guidelines and procedures. Agents who communicate through the online identity of a cooperating witness are acting in an undercover capacity.

PRINCIPLE 9
APPROPRIATING ONLINE IDENTITY

“Appropriating online identity” occurs when a law enforcement agent electronically communicates with others by deliberately assuming the known online identity (such as the username) of a real person, without obtaining that person’s consent. Appropriating identity is an intrusive law enforcement technique that should be used infrequently and only in serious criminal cases. To appropriate online identity, a law enforcement agent or a federal prosecutor involved in the investigation must obtain the concurrence of the United States Attorney’s Office’s “Computer and Telecommunications Coordinator” (CTC) or the Computer Crime and Intellectual Property Section. An attorney from the Section can be reached at (202) 514-1026 or through the Justice Command Center at (202) 514-5000. In rare instances, it will be  necessary for law enforcement agents to appropriate online identity immediately in order to take advantage of a perishable opportunity to investigate serious criminal activity. In those circumstances, they may
appropriate identity and notify the Computer Crime and Intellectual Property Section within 48 hours thereafter.

PRINCIPLE 10
ONLINE ACTIVITY BY AGENTS DURING PERSONAL TIME

While not on duty, an agent is generally free to engage in personal online pursuits. If, however, the agent’s off-duty online activities are within the scope of an ongoing investigation or undertaken for the purpose of developing investigative leads, the agent is bound by the same restrictions on investigative conduct as would apply when the agent is on duty.

PRINCIPLE 11
INTERNATIONAL ISSUES

Unless gathering information from online facilities configured for public access, law enforcement agents conducting online investigations should use reasonable efforts to ascertain whether any pertinent computer system, data, witness, or subject is located in a foreign jurisdiction. Whenever any one of these is located abroad, agents should follow the policies and procedures set out by their agencies for international investigations.

Share this:

Facebooktwitterredditlinkedinmail